[nsp] Pix 6.3(3) and UDP issues
Turpin Mark Contr AFCA/GCF
Mark.Turpin at scott.af.mil
Thu Sep 25 10:01:07 EDT 2003
> -----Original Message-----
> From: tgrace [mailto:tgrace at tgrace.com]
> Sent: Thursday, September 25, 2003 9:04 AM
> To: 'Olav Langeland'; swm at emanon.com; cisco-nsp at puck.nether.net
> Subject: RE: [nsp] Pix 6.3(3) and UDP issues
>
>
[snip]
> We also experienced what appear to be denials of packets from established
> connections, mostly mail servers. Random drops of packets from a high port
> on an external mail server to port 25 on an NAT'd mail server. Similar type
> of thing with DNS queries from internal hosts (being PAT'd) to a DNS server
> in a DMZ. The resolution to each of those was an explicit rule allowing the
> return traffic.
[snip]
Hi,
Do you have more than one DNS server? Is one responding slowly?
Could it be that DNS guard is dropping the additional responses
to the mail server?
cheers,
-Mark